How to increase security on your iPhone’s lock screen

Breaking into an iPhone with 2FA enabled isn't easy. The attacker would need the password and use the owner's finger. It won't even work if you cut off the user's finger because the scanner accepts only living tissue. But a spouse ... hmm...

Why does iOS still regularly demand a passcode, when a fingerprint is surely more secure?

Failure modes could include:

Damaged hardware. If the fingerprint scanner is damaged, then the user can still get in.

Damaged finger. If the user’s finger gets covered in nail polish, fingerprint ridges get washed away in acid or Clorox or otherwise can’t use the finger, there is still a way in.

Other considerations:

Convenience. The fingerprint scanner is quick and is better for convenient logging in.

General technological introduction. Apple introduced a fingerprint scanner to the masses and by requiring a passcode as well, there is less chance of users getting entirely locked out. It’s conceivable that a bug in the fingerprint firmware could leave millions of users locked out which would be tragic for sales.

Finally, the most relevant consideration is 2FA (two factor authentication). This says that access to the device requires something-you-know and something-you-are.

Breaking into an iPhone with 2FA enabled isn’t easy. The attacker would need the password and use the owner’s finger. It won’t even work if you cut off the user’s finger because the scanner accepts only living tissue. But a spouse … hmm…

So to protect the passcode, follow this

Beef Up Your Passcode

Use a Six-Digit Passcode

Use an Any-Digit Passcode

Use an Alphanumeric Code (Or Complex Passcode)

Disable Lock Screen Features

Disable the Control Center

Make Your iPhone Lock Sooner

Hide Notification Content or Remove It Completely

1. if you jailbreak or root any device, you’ll be screwed

2. if you install apps from untrusted places, you’ll be screwed.

3. to install apps from untrusted places, you need to explicitly allow untrusted apps on Android and on Mac OS X. On the iPhone it’s not possible.

4. to install apps from untrusted places you need to explicitly accept and approve a developer profile (enterprise). This is a multi-step procedure that asks you “are you really sure” a million times, including asking you for your passcode.

5. to install apps from untrusted places you’ll still need to explicitly aprove the app the first time you run it. “do you want to run <app> from developer <developer>?”

6. to be vulnerable via USB you need to explicitly state you do trust that computer